Legal claims defining the scope of protection, as filed with the USPTO.
1. A method, comprising: assigning a first role to a client device when the client device is associated with a first VLAN and the first VLAN's corresponding DHCP server; assigning the client device to a second role in response to detecting an authentication request; declining a DHCP request from the client device while the client device is assigned to the second role, wherein the second role includes a rule to decline the DHCP request until an Extensible Authentication Protocol (EAP) success message is received from the client device; and assigning the client device to a third role when the client device is associated with a second VLAN and the second VLAN's corresponding DHCP server when the EAP success message is received from the client device.
2. The method of claim 1, comprising assigning the client device back to the first role in response to failing to complete an authentication of the client device.
3. The method of claim 1, comprising assigning the client device to the second role in response to receiving an EAP response message from the client device, wherein the instructions to assign the client device to the second role comprise instructions to overwrite the first role with the second role.
4. The method of claim 1, wherein DHCP request messages received from the client device are declined during a period of time between successfully authenticating the client device and the assignment of the client device to the third role.
5. The method of claim 1, wherein DHCP requests received from the client device are declined during a first period of time between detecting the authentication request transmitted by the client device successfully completing authentication of the client device.
6. The method of claim 5, wherein DHCP requests received from the client device are declined during a second period of time between successfully completing authentication of the client device and the assignment of the client device to the third role.
7. The method of claim 1, comprising detecting an authentication request transmitted by the client device while the client device is assigned the first role, wherein the detecting operation is performed by a controller or an access point.
8. The method of claim 1, wherein declining the DHCP requests received from the client device while the client device is assigned to the second role is performed by a firewall application executing on a network device.
9. The method of claim 1, comprising: receiving, from the client device, a particular DHCP request subsequent to assigning the client device to the third role; and forwarding the particular DHCP request to a DHCP server associated with the second VLAN subsequent to assigning the client device to the third role.
10. The method of claim 1, comprising: receiving a request from the client device other than DHCP requests while the client device is assigned to the second role; and forwarding the request.
11. A non-transitory machine readable storage medium having stored thereon machine readable instructions to cause a computer processor to: detect an authentication request transmitted by a client device; assign a first role to the client device in response to the authentication request when the client device is associated with a first VLAN and the first VLAN's corresponding DHCP server; assign the client device to a second role in response to detecting the authentication request; decline a DHCP request from the client device while the client device is assigned to the second role, wherein the second role includes a rule to decline the DHCP request until an Extensible Authentication Protocol (EAP) success message is received from the client device; and assign the client device to a third role when the client device is associated with a second VLAN and the second VLAN's corresponding DHCP server when the EAP success message is received from the client device.
12. The machine readable storage medium of claim 11, wherein the client device is barred from renewing an IP address during while the client device is assigned to the second role.
13. The machine readable storage medium of claim 11, wherein the hardware processor further includes instructions to: transmit the Extensible Authentication Protocol (EAP) success message to an authentication server; and assign the client device to the second role in response to transmitting the EAP response message, wherein the instructions to assign the client device to the second role comprise instructions to overwrite the first role with the second role.
14. The machine readable storage medium of claim 11, wherein DHCP request messages received from the client device are declined during a period of time between successfully authenticating the client device and the assignment of the client device to the third role.
15. The machine readable storage medium of claim 11, wherein any DHCP requests received from the client device are declined during both a first period of time between detecting the authentication request transmitted by the client device and successfully completing authentication of the client device and a second period of time between successfully completing authentication of the client device and the assignment of the client device to the third role.
16. A system comprising: a network device comprising a hardware processor, wherein the hardware processor includes instructions to: assign a first role to a client device in response to an authentication request when the client device is associated with a first VLAN the first VLAN's corresponding DHCP server to indicate that the client device has not been authenticated; receive a DHCP request from the client device while the client device is assigned to a second role that indicates that any DHCP requests and DHCP renew messages from the client device are to be denied, wherein the second role overwrites the first role; decline the DHCP request from the client device while the client device is assigned to the second role until an Extensible Authentication Protocol (EAP) success message is received from the client device; and assign the client device to a third role when the client device is associated with a second VLAN and the second VLAN's corresponding DHCP server when the EAP success message is received from the client device.
17. The system of claim 16, wherein the network device comprises a controller or an access point.
18. The system of claim 16, wherein the DHCP request received from the client device while the client device is assigned to the second role is declined by a firewall application executing on the network device.
19. The system of claim 16, wherein the client device is assigned an IP address corresponding to the first VLAN and the first VLAN's corresponding DHCP server while the client device is assigned to the first role.
20. The system of claim 19, wherein the hardware processor includes instructions to transmit a new IP address to the client device associated with the second VLAN and the second VLAN's corresponding DHCP server when the client device is assigned to the third role.
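The role sequence recited in claims 1, 2, 9 and 10 can be read as a small per-client state machine. The sketch below is an added illustration, not code from the patent or any vendor implementation. The event names, DHCP server labels and MAC address are constructed, and ignoring an EAP success that arrives without a pending authentication is an assumption of this sketch.

```python
from enum import Enum

class Role(Enum):
    FIRST = "first"    # pre-authentication: first VLAN and its DHCP server
    SECOND = "second"  # authentication in progress: DHCP requests are declined
    THIRD = "third"    # authenticated: second VLAN and its DHCP server

# Constructed labels; the claims only say each VLAN has a corresponding DHCP server.
DHCP_SERVER = {Role.FIRST: "dhcp-vlan1", Role.THIRD: "dhcp-vlan2"}

class RoleEnforcer:
    """Per-client role table plus the DHCP rule attached to the second role."""

    def __init__(self):
        self.roles = {}

    def handle(self, mac, event):
        role = self.roles.setdefault(mac, Role.FIRST)
        if event == "auth_request":            # claim 1: second role overwrites the first
            self.roles[mac] = Role.SECOND
            return "role=second"
        if event == "eap_success" and role is Role.SECOND:
            self.roles[mac] = Role.THIRD       # claim 1: third role on EAP success
            return "role=third"
        if event == "auth_failure" and role is Role.SECOND:
            self.roles[mac] = Role.FIRST       # claim 2: back to the first role
            return "role=first"
        if event == "dhcp_request":
            if role is Role.SECOND:
                return "decline"               # the second role's DHCP rule
            return "forward:" + DHCP_SERVER[role]   # claim 9 when role is THIRD
        if event in ("eap_success", "auth_failure"):
            return "ignore"                    # assumption: no pending auth, no role change
        return "forward"                       # claim 10: non-DHCP traffic is forwarded

def replay(events, mac="02:00:00:00:00:01"):   # constructed MAC address
    """Feed a list of events for one client and return the action taken for each."""
    enforcer = RoleEnforcer()
    return [enforcer.handle(mac, e) for e in events]

# Constructed trace: DHCP before, during and after a successful authentication.
TRACE = ["dhcp_request", "auth_request", "dhcp_request", "http", "eap_success", "dhcp_request"]

if __name__ == "__main__":
    for event, action in zip(TRACE, replay(TRACE)):
        print(f"{event:13} -> {action}")
```

The sketch moves the client to the third role in the same step as the EAP success, so the window described in claims 4 and 6 (DHCP declined between successful authentication and the third-role assignment) has zero length here.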
April 9, 2019